mirror of https://git.FreeBSD.org/src.git synced 2024-12-17 10:26:15 +00:00

Change the initialization methodology for global variables scheduled

for virtualization.

Instead of initializing the affected global variables at instantiation,
assign initial values to them in initializer functions.  As a rule,
initialization at instantiation for such variables should never be
introduced again from now on.  Furthermore, enclose all instantiations
of such global variables in #ifdef VIMAGE_GLOBALS blocks.

Essentially, this change should have zero functional impact.  In the next
phase of merging network stack virtualization infrastructure from
p4/vimage branch, the new initialization methodology will allow us to
switch between using global variables and their counterparts residing in
virtualization containers with minimum code churn, and in the long run
allow us to initialize multiple instances of such container structures.

Discussed at:	devsummit Strassburg
Reviewed by:	bz, julian
Approved by:	julian (mentor)
Obtained from:	//depot/projects/vimage-commit2/...
X-MFC after:	never
Sponsored by:	NLnet Foundation, The FreeBSD Foundation
Marko Zec 2008-11-19 09:39:34 +00:00
parent 6f0e1ffd07
commit 44e33a0758
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=185088
60 changed files with 746 additions and 305 deletions


@ -154,11 +154,6 @@ static unsigned int mbuf_wrs[TX_MAX_SEGS + 1] __read_mostly;
#define TCP_CLOSE 2
#define TCP_DROP 3
extern int tcp_do_autorcvbuf;
extern int tcp_do_autosndbuf;
extern int tcp_autorcvbuf_max;
extern int tcp_autosndbuf_max;
static void t3_send_reset(struct toepcb *toep);
static void send_abort_rpl(struct mbuf *m, struct toedev *tdev, int rst_status);
static inline void free_atid(struct t3cdev *cdev, unsigned int tid);


@ -134,22 +134,21 @@ static int if_getgroupmembers(struct ifgroupreq *);
extern void nd6_setmtu(struct ifnet *);
#endif
int if_index = 0;
int ifqmaxlen = IFQ_MAXLEN;
#ifdef VIMAGE_GLOBALS
struct ifnethead ifnet; /* depend on static init XXX */
struct ifgrouphead ifg_head;
int if_index;
static int if_indexlim;
/* Table of ifnet/cdev by index. Locked with ifnet_lock. */
static struct ifindex_entry *ifindex_table;
static struct knlist ifklist;
#endif
int ifqmaxlen = IFQ_MAXLEN;
struct mtx ifnet_lock;
static if_com_alloc_t *if_com_alloc[256];
static if_com_free_t *if_com_free[256];
static int if_indexlim = 8;
static struct knlist ifklist;
/*
* Table of ifnet/cdev by index. Locked with ifnet_lock.
*/
static struct ifindex_entry *ifindex_table = NULL;
static void filt_netdetach(struct knote *kn);
static int filt_netdev(struct knote *kn, long hint);
@ -357,6 +356,10 @@ if_init(void *dummy __unused)
{
INIT_VNET_NET(curvnet);
V_if_index = 0;
V_ifindex_table = NULL;
V_if_indexlim = 8;
IFNET_LOCK_INIT();
TAILQ_INIT(&V_ifnet);
TAILQ_INIT(&V_ifg_head);


@ -142,8 +142,10 @@ MALLOC_DEFINE(M_ARPCOM, "arpcom", "802.* interface internals");
int
ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst,
struct ip_fw **rule, int shared);
#ifdef VIMAGE_GLOBALS
static int ether_ipfw;
#endif
#endif
/*
* Ethernet output routine.


@ -94,7 +94,18 @@
*/
static struct mtx gif_mtx;
static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface");
#ifdef VIMAGE_GLOBALS
static LIST_HEAD(, gif_softc) gif_softc_list;
static int max_gif_nesting;
static int parallel_tunnels;
#ifdef INET
int ip_gif_ttl;
#endif
#ifdef INET6
int ip6_gif_hlim;
#endif
#endif
void (*ng_gif_input_p)(struct ifnet *ifp, struct mbuf **mp, int af);
void (*ng_gif_input_orphan_p)(struct ifnet *ifp, struct mbuf *m, int af);
@ -123,9 +134,6 @@ SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0,
*/
#define MAX_GIF_NEST 1
#endif
#ifndef VIMAGE
static int max_gif_nesting = MAX_GIF_NEST;
#endif
SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, max_nesting,
CTLFLAG_RW, max_gif_nesting, 0, "Max nested tunnels");
@ -140,11 +148,6 @@ SYSCTL_V_INT(V_NET, vnet_gif, _net_inet6_ip6, IPV6CTL_GIF_HLIM,
* pair of addresses. Some applications require this functionality so
* we allow control over this check here.
*/
#ifdef XBONEHACK
static int parallel_tunnels = 1;
#else
static int parallel_tunnels = 0;
#endif
SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, parallel_tunnels,
CTLFLAG_RW, parallel_tunnels, 0, "Allow parallel tunnels?");
@ -251,12 +254,21 @@ gifmodevent(mod, type, data)
switch (type) {
case MOD_LOAD:
mtx_init(&gif_mtx, "gif_mtx", NULL, MTX_DEF);
LIST_INIT(&V_gif_softc_list);
if_clone_attach(&gif_cloner);
LIST_INIT(&V_gif_softc_list);
V_max_gif_nesting = MAX_GIF_NEST;
#ifdef XBONEHACK
V_parallel_tunnels = 1;
#else
V_parallel_tunnels = 0;
#endif
#ifdef INET
V_ip_gif_ttl = GIF_TTL;
#endif
#ifdef INET6
V_ip6_gif_hlim = GIF_HLIM;
#endif
if_clone_attach(&gif_cloner);
break;
case MOD_UNLOAD:


@ -96,7 +96,9 @@ int looutput(struct ifnet *ifp, struct mbuf *m,
static int lo_clone_create(struct if_clone *, int, caddr_t);
static void lo_clone_destroy(struct ifnet *);
struct ifnet *loif = NULL; /* Used externally */
#ifdef VIMAGE_GLOBALS
struct ifnet *loif; /* Used externally */
#endif
IFC_SIMPLE_DECLARE(lo, 1);
@ -142,6 +144,7 @@ loop_modevent(module_t mod, int type, void *data)
switch (type) {
case MOD_LOAD:
V_loif = NULL;
if_clone_attach(&lo_cloner);
break;


@ -57,7 +57,9 @@
*/
struct mtx rawcb_mtx;
#ifdef VIMAGE_GLOBALS
struct rawcb_list_head rawcb_list;
#endif
SYSCTL_NODE(_net, OID_AUTO, raw, CTLFLAG_RW, 0, "Raw socket infrastructure");


@ -84,6 +84,7 @@ SYSCTL_INT(_net, OID_AUTO, add_addr_allfibs, CTLFLAG_RW,
&rt_add_addr_allfibs, 0, "");
TUNABLE_INT("net.add_addr_allfibs", &rt_add_addr_allfibs);
#ifdef VIMAGE_GLOBALS
static struct rtstat rtstat;
/* by default only the first 'row' of tables will be accessed. */
@ -96,6 +97,7 @@ static struct rtstat rtstat;
struct radix_node_head *rt_tables[RT_MAXFIBS][AF_MAX+1];
static int rttrash; /* routes not in table but not freed */
#endif
static void rt_maskedcopy(struct sockaddr *,
struct sockaddr *, struct sockaddr *);


@ -82,7 +82,12 @@ SYSCTL_DECL(_net_link_ether);
SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, "");
/* timer values */
static int arpt_keep = (20*60); /* once resolved, good for 20 more minutes */
#ifdef VIMAGE_GLOBALS
static int arpt_keep; /* once resolved, good for 20 more minutes */
static int arp_maxtries;
static int useloopback; /* use loopback interface for local traffic */
static int arp_proxyall;
#endif
SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_RW,
&arpt_keep, 0, "ARP entry lifetime in seconds");
@ -99,10 +104,6 @@ struct llinfo_arp {
static struct ifqueue arpintrq;
static int arp_maxtries = 5;
static int useloopback = 1; /* use loopback interface for local traffic */
static int arp_proxyall = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, maxtries,
CTLFLAG_RW, arp_maxtries, 0,
"ARP resolution attempts before returning error");
@ -1076,6 +1077,12 @@ arp_ifinit2(struct ifnet *ifp, struct ifaddr *ifa, u_char *enaddr)
static void
arp_init(void)
{
INIT_VNET_INET(curvnet);
V_arpt_keep = (20*60); /* once resolved, good for 20 more minutes */
V_arp_maxtries = 5;
V_useloopback = 1; /* use loopback interface for local traffic */
V_arp_proxyall = 0;
arpintrq.ifq_maxlen = 50;
mtx_init(&arpintrq.ifq_mtx, "arp_inq", NULL, MTX_DEF);


@ -80,7 +80,9 @@ static MALLOC_DEFINE(M_IGMP, "igmp", "igmp state");
static struct router_info *find_rti(struct ifnet *ifp);
static void igmp_sendpkt(struct in_multi *, int, unsigned long);
#ifdef VIMAGE_GLOBALS
static struct igmpstat igmpstat;
#endif
SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_igmp, IGMPCTL_STATS,
stats, CTLFLAG_RW, igmpstat, igmpstat, "");
@ -92,8 +94,10 @@ SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_igmp, IGMPCTL_STATS,
* reference counting is used. We allow unlocked reads of router_info data
* when accessed via an in_multi read-only.
*/
static struct mtx igmp_mtx;
#ifdef VIMAGE_GLOBALS
static SLIST_HEAD(, router_info) router_info_head;
#endif
static struct mtx igmp_mtx;
static int igmp_timers_are_running;
/*


@ -66,18 +66,20 @@ static int in_ifinit(struct ifnet *,
struct in_ifaddr *, struct sockaddr_in *, int);
static void in_purgemaddrs(struct ifnet *);
static int subnetsarelocal = 0;
#ifdef VIMAGE_GLOBALS
static int subnetsarelocal;
static int sameprefixcarponly;
extern struct inpcbinfo ripcbinfo;
extern struct inpcbinfo udbinfo;
#endif
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, subnets_are_local,
CTLFLAG_RW, subnetsarelocal, 0,
"Treat all subnets as directly connected");
static int sameprefixcarponly = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, same_prefix_carp_only,
CTLFLAG_RW, sameprefixcarponly, 0,
"Refuse to create same prefixes on different interfaces");
extern struct inpcbinfo ripcbinfo;
extern struct inpcbinfo udbinfo;
/*
* Return 1 if an internet address is for a ``local'' host
* (one to which we have a connection). If subnetsarelocal


@ -85,7 +85,9 @@ struct protosw in_gif_protosw = {
.pr_usrreqs = &rip_usrreqs
};
static int ip_gif_ttl = GIF_TTL;
#ifdef VIMAGE_GLOBALS
extern int ip_gif_ttl;
#endif
SYSCTL_V_INT(V_NET, vnet_gif, _net_inet_ip, IPCTL_GIF_TTL, gifttl,
CTLFLAG_RW, ip_gif_ttl, 0, "");


@ -86,7 +86,9 @@ static MALLOC_DEFINE(M_IPMSOURCE, "in_msource", "IPv4 multicast source filter");
* ip_output() to send IGMP packets while holding the lock; this probably is
* not quite desirable.
*/
#ifdef VIMAGE_GLOBALS
struct in_multihead in_multihead; /* XXX BSS initialization */
#endif
struct mtx in_multi_mtx;
MTX_SYSINIT(in_multi_mtx, &in_multi_mtx, "in_multi_mtx", MTX_DEF | MTX_RECURSE);


@ -84,32 +84,34 @@ __FBSDID("$FreeBSD$");
#include <security/mac/mac_framework.h>
#ifdef VIMAGE_GLOBALS
/*
* These configure the range of local port addresses assigned to
* "unspecified" outgoing connections/packets/whatever.
*/
int ipport_lowfirstauto = IPPORT_RESERVED - 1; /* 1023 */
int ipport_lowlastauto = IPPORT_RESERVEDSTART; /* 600 */
int ipport_firstauto = IPPORT_EPHEMERALFIRST; /* 10000 */
int ipport_lastauto = IPPORT_EPHEMERALLAST; /* 65535 */
int ipport_hifirstauto = IPPORT_HIFIRSTAUTO; /* 49152 */
int ipport_hilastauto = IPPORT_HILASTAUTO; /* 65535 */
int ipport_lowfirstauto;
int ipport_lowlastauto;
int ipport_firstauto;
int ipport_lastauto;
int ipport_hifirstauto;
int ipport_hilastauto;
/*
* Reserved ports accessible only to root. There are significant
* security considerations that must be accounted for when changing these,
* but the security benefits can be great. Please be careful.
*/
int ipport_reservedhigh = IPPORT_RESERVED - 1; /* 1023 */
int ipport_reservedlow = 0;
int ipport_reservedhigh;
int ipport_reservedlow;
/* Variables dealing with random ephemeral port allocation. */
int ipport_randomized = 1; /* user controlled via sysctl */
int ipport_randomcps = 10; /* user controlled via sysctl */
int ipport_randomtime = 45; /* user controlled via sysctl */
int ipport_stoprandom = 0; /* toggled by ipport_tick */
int ipport_randomized;
int ipport_randomcps;
int ipport_randomtime;
int ipport_stoprandom;
int ipport_tcpallocs;
int ipport_tcplastcount;
#endif
#define RANGECHK(var, min, max) \
if ((var) < (min)) { (var) = (min); } \
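Review bot: The `ipport_*` definitions in the `VIMAGE_GLOBALS` block lose their defaults with no pointer to where they are now set, while the comment warning about the security impact of the reserved-port range stays behind. The values are assigned in `ip_init()`, shown in a different file section of this commit, so a reader auditing `ipport_reservedhigh`/`ipport_reservedlow` here sees only zero-initialised storage. I would add a comment above the block such as `/* Defaults are assigned in ip_init(); review them there before changing the reserved range. */`. `ipport_tcpallocs` and `ipport_tcplastcount` receive no explicit assignment in the `ip_init()` lines visible on this page, so they appear to rely on zero-filled storage; that deserves either an assignment or a note.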


@ -450,6 +450,8 @@ extern int ipport_lastauto;
extern int ipport_hifirstauto;
extern int ipport_hilastauto;
extern int ipport_randomized;
extern int ipport_randomcps;
extern int ipport_randomtime;
extern int ipport_stoprandom;
extern int ipport_tcpallocs;
extern struct callout ipport_tick_callout;


@ -193,6 +193,7 @@ struct protosw inetsw[] = {
.pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR,
.pr_input = icmp_input,
.pr_ctloutput = rip_ctloutput,
.pr_init = icmp_init,
.pr_usrreqs = &rip_usrreqs
},
{


@ -151,17 +151,20 @@ in_matroute(void *v_arg, struct radix_node_head *head)
return rn;
}
static int rtq_reallyold = 60*60; /* one hour is "really old" */
#ifdef VIMAGE_GLOBALS
static int rtq_reallyold;
static int rtq_minreallyold;
static int rtq_toomany;
#endif
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTEXPIRE, rtexpire,
CTLFLAG_RW, rtq_reallyold, 0,
"Default expiration time on dynamically learned routes");
static int rtq_minreallyold = 10; /* never automatically crank down to less */
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTMINEXPIRE,
rtminexpire, CTLFLAG_RW, rtq_minreallyold, 0,
"Minimum time to attempt to hold onto dynamically learned routes");
static int rtq_toomany = 128; /* 128 cached routes is "too many" */
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_RTMAXCACHE,
rtmaxcache, CTLFLAG_RW, rtq_toomany, 0,
"Upper limit on dynamically learned routes");
@ -256,8 +259,10 @@ in_rtqkill(struct radix_node *rn, void *rock)
}
#define RTQ_TIMEOUT 60*10 /* run no less than once every ten minutes */
static int rtq_timeout = RTQ_TIMEOUT;
#ifdef VIMAGE_GLOBALS
static int rtq_timeout;
static struct callout rtq_timer;
#endif
static void in_rtqtimo_one(void *rock);
@ -376,6 +381,11 @@ in_inithead(void **head, int off)
if (off == 0) /* XXX MRT see above */
return 1; /* only do the rest for a real routing table */
V_rtq_reallyold = 60*60; /* one hour is "really old" */
V_rtq_minreallyold = 10; /* never automatically crank down to less */
V_rtq_toomany = 128; /* 128 cached routes is "too many" */
V_rtq_timeout = RTQ_TIMEOUT;
rnh = *head;
rnh->rnh_addaddr = in_addroute;
rnh->rnh_matchaddr = in_matroute;
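Review bot: The four `V_rtq_*` assignments added to `in_inithead()` run on every call that gets past the `off == 0` check, not once per stack instance. If the function is reached for more than one routing table (another section of this page declares `rt_tables[RT_MAXFIBS][AF_MAX+1]`), a later call would reset `rtq_reallyold`, `rtq_minreallyold` and `rtq_toomany` after an administrator has tuned them through the sysctls declared above; this is hedged, since the callers are not visible here. Consider a one-time initializer for these defaults, or at least a comment such as `/* only reached during initial table setup; later calls would clobber sysctl changes */`. The function body begins and ends outside the hunk.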


@ -137,6 +137,15 @@ do { \
}
#endif
/*
* IP datagram reassembly.
*/
#define IPREASS_NHASH_LOG2 6
#define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2)
#define IPREASS_HMASK (IPREASS_NHASH - 1)
#define IPREASS_HASH(x,y) \
(((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK)
/*
* This information should be part of the ifnet structure but we don't wish
* to change that - as it might break a number of things


@ -112,8 +112,10 @@ __FBSDID("$FreeBSD$");
*/
/* Internal variables. */
#ifdef VIMAGE_GLOBALS
static struct inpcbhead divcb;
static struct inpcbinfo divcbinfo;
#endif
static u_long div_sendspace = DIVSNDQ; /* XXX sysctl ? */
static u_long div_recvspace = DIVRCVQ; /* XXX sysctl ? */


@ -106,7 +106,9 @@ __FBSDID("$FreeBSD$");
#include <machine/in_cksum.h>
static int ipfastforward_active = 0;
#ifdef VIMAGE_GLOBALS
static int ipfastforward_active;
#endif
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, fastforwarding,
CTLFLAG_RW, ipfastforward_active, 0, "Enable fast IP forwarding");


@ -77,47 +77,51 @@ __FBSDID("$FreeBSD$");
* host table maintenance routines.
*/
struct icmpstat icmpstat;
#ifdef VIMAGE_GLOBALS
struct icmpstat icmpstat;
static int icmpmaskrepl;
static u_int icmpmaskfake;
static int drop_redirect;
static int log_redirect;
static int icmplim;
static int icmplim_output;
static char reply_src[IFNAMSIZ];
static int icmp_rfi;
static int icmp_quotelen;
static int icmpbmcastecho;
#endif
SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_STATS, stats,
CTLFLAG_RW, icmpstat, icmpstat, "");
static int icmpmaskrepl = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_MASKREPL, maskrepl,
CTLFLAG_RW, icmpmaskrepl, 0,
"Reply to ICMP Address Mask Request packets.");
static u_int icmpmaskfake = 0;
SYSCTL_V_UINT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, maskfake, CTLFLAG_RW,
icmpmaskfake, 0, "Fake reply to ICMP Address Mask Request packets.");
static int drop_redirect = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, drop_redirect,
CTLFLAG_RW, drop_redirect, 0, "Ignore ICMP redirects");
static int log_redirect = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, log_redirect,
CTLFLAG_RW, log_redirect, 0, "Log ICMP redirects to the console");
static int icmplim = 200;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, ICMPCTL_ICMPLIM, icmplim,
CTLFLAG_RW, icmplim, 0, "Maximum number of ICMP responses per second");
static int icmplim_output = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, icmplim_output,
CTLFLAG_RW, icmplim_output, 0,
"Enable rate limiting of ICMP responses");
static char reply_src[IFNAMSIZ];
SYSCTL_V_STRING(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, reply_src,
CTLFLAG_RW, reply_src, IFNAMSIZ,
"icmp reply source for non-local packets.");
static int icmp_rfi = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, reply_from_interface,
CTLFLAG_RW, icmp_rfi, 0, "ICMP reply from incoming interface for "
"non-local packets");
static int icmp_quotelen = 8;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW,
icmp_quotelen, 0, "Number of bytes from original packet to "
"quote in ICMP reply");
@ -126,7 +130,6 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW,
* ICMP broadcast echo sysctl
*/
static int icmpbmcastecho = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_icmp, OID_AUTO, bmcastecho,
CTLFLAG_RW, icmpbmcastecho, 0, "");
@ -140,6 +143,22 @@ static void icmp_send(struct mbuf *, struct mbuf *);
extern struct protosw inetsw[];
void
icmp_init(void)
{
INIT_VNET_INET(curvnet);
V_icmpmaskrepl = 0;
V_icmpmaskfake = 0;
V_drop_redirect = 0;
V_log_redirect = 0;
V_icmplim = 200;
V_icmplim_output = 1;
V_icmp_rfi = 0;
V_icmp_quotelen = 8;
V_icmpbmcastecho = 0;
}
/*
* Generate an error packet of type error
* in response to bad packet ip.
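Review bot: `icmp_init()` assigns every scalar moved into the `VIMAGE_GLOBALS` block but leaves out `reply_src`, so the `char[IFNAMSIZ]` exported read-write through the `reply_src` sysctl depends on its storage being zero-filled. That holds for a BSS global, but the commit message says these variables are meant to move into per-instance containers, where an unterminated buffer would reach string handling. I would terminate it explicitly next to the other assignments, e.g. `V_reply_src[0] = '\0';`, assuming a `V_` accessor exists for it as it does for its siblings. `icmpstat` is likewise not cleared here, which matters less but should be a deliberate choice.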


@ -204,6 +204,7 @@ struct icmp {
#ifdef _KERNEL
void icmp_error(struct mbuf *, int, int, n_long, int);
void icmp_input(struct mbuf *, int);
void icmp_init(void);
int ip_next_mtu(int, int);
#endif


@ -89,33 +89,47 @@ __FBSDID("$FreeBSD$");
CTASSERT(sizeof(struct ip) == 20);
#endif
int rsvp_on = 0;
#ifdef VIMAGE_GLOBALS
static int ipsendredirects;
static int ip_checkinterface;
static int ip_keepfaith;
static int ip_sendsourcequench;
int ip_defttl;
int ip_do_randomid;
int ipforwarding;
struct in_ifaddrhead in_ifaddrhead; /* first inet address */
struct in_ifaddrhashhead *in_ifaddrhashtbl; /* inet addr hash table */
u_long in_ifaddrhmask; /* mask for hash table */
struct ipstat ipstat;
static int ip_rsvp_on;
struct socket *ip_rsvpd;
int rsvp_on;
static TAILQ_HEAD(ipqhead, ipq) ipq[IPREASS_NHASH];
static int maxnipq; /* Administrative limit on # reass queues. */
static int maxfragsperpacket;
int ipstealth;
static int nipq; /* Total # of reass queues */
#endif
int ipforwarding = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_FORWARDING,
forwarding, CTLFLAG_RW, ipforwarding, 0,
"Enable IP forwarding between interfaces");
static int ipsendredirects = 1; /* XXX */
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_SENDREDIRECTS,
redirect, CTLFLAG_RW, ipsendredirects, 0,
"Enable sending IP redirects");
int ip_defttl = IPDEFTTL;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_DEFTTL,
ttl, CTLFLAG_RW, ip_defttl, 0, "Maximum TTL on IP packets");
static int ip_keepfaith = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, IPCTL_KEEPFAITH,
keepfaith, CTLFLAG_RW, ip_keepfaith, 0,
"Enable packet capture for FAITH IPv4->IPv6 translater daemon");
static int ip_sendsourcequench = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO,
sendsourcequench, CTLFLAG_RW, ip_sendsourcequench, 0,
"Enable the transmission of source quench packets");
int ip_do_randomid = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, random_id,
CTLFLAG_RW, ip_do_randomid, 0, "Assign random ip_id values");
@ -132,7 +146,6 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, random_id,
* to the loopback interface instead of the interface where the
* packets for those addresses are received.
*/
static int ip_checkinterface = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO,
check_interface, CTLFLAG_RW, ip_checkinterface, 0,
"Verify packet arrives on correct interface");
@ -145,9 +158,6 @@ static int ipqmaxlen = IFQ_MAXLEN;
extern struct domain inetdomain;
extern struct protosw inetsw[];
u_char ip_protox[IPPROTO_MAX];
struct in_ifaddrhead in_ifaddrhead; /* first inet address */
struct in_ifaddrhashhead *in_ifaddrhashtbl; /* inet addr hash table */
u_long in_ifaddrhmask; /* mask for hash table */
SYSCTL_INT(_net_inet_ip, IPCTL_INTRQMAXLEN, intr_queue_maxlen, CTLFLAG_RW,
&ipintrq.ifq_maxlen, 0, "Maximum size of the IP input queue");
@ -155,21 +165,10 @@ SYSCTL_INT(_net_inet_ip, IPCTL_INTRQDROPS, intr_queue_drops, CTLFLAG_RD,
&ipintrq.ifq_drops, 0,
"Number of packets dropped from the IP input queue");
struct ipstat ipstat;
SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW,
ipstat, ipstat, "IP statistics (struct ipstat, netinet/ip_var.h)");
/*
* IP datagram reassembly.
*/
#define IPREASS_NHASH_LOG2 6
#define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2)
#define IPREASS_HMASK (IPREASS_NHASH - 1)
#define IPREASS_HASH(x,y) \
(((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK)
static uma_zone_t ipq_zone;
static TAILQ_HEAD(ipqhead, ipq) ipq[IPREASS_NHASH];
static struct mtx ipqlock;
#define IPQ_LOCK() mtx_lock(&ipqlock)
@ -180,13 +179,10 @@ static struct mtx ipqlock;
static void maxnipq_update(void);
static void ipq_zone_change(void *);
static int maxnipq; /* Administrative limit on # reass queues. */
static int nipq = 0; /* Total # of reass queues */
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, fragpackets,
CTLFLAG_RD, nipq, 0,
"Current number of IPv4 fragment reassembly queue entries");
static int maxfragsperpacket;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, maxfragsperpacket,
CTLFLAG_RW, maxfragsperpacket, 0,
"Maximum number of IPv4 fragments allowed per packet");
@ -199,7 +195,6 @@ SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW,
#endif
#ifdef IPSTEALTH
int ipstealth = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW,
ipstealth, 0, "IP stealth mode, no TTL decrementation on forwarding");
#endif
@ -225,6 +220,37 @@ ip_init(void)
struct protosw *pr;
int i;
V_ipsendredirects = 1; /* XXX */
V_ip_checkinterface = 0;
V_ip_keepfaith = 0;
V_ip_sendsourcequench = 0;
V_rsvp_on = 0;
V_ip_defttl = IPDEFTTL;
V_ip_do_randomid = 0;
V_ipforwarding = 0;
V_ipstealth = 0;
V_nipq = 0; /* Total # of reass queues */
V_ipport_lowfirstauto = IPPORT_RESERVED - 1; /* 1023 */
V_ipport_lowlastauto = IPPORT_RESERVEDSTART; /* 600 */
V_ipport_firstauto = IPPORT_EPHEMERALFIRST; /* 10000 */
V_ipport_lastauto = IPPORT_EPHEMERALLAST; /* 65535 */
V_ipport_hifirstauto = IPPORT_HIFIRSTAUTO; /* 49152 */
V_ipport_hilastauto = IPPORT_HILASTAUTO; /* 65535 */
V_ipport_reservedhigh = IPPORT_RESERVED - 1; /* 1023 */
V_ipport_reservedlow = 0;
V_ipport_randomized = 1; /* user controlled via sysctl */
V_ipport_randomcps = 10; /* user controlled via sysctl */
V_ipport_randomtime = 45; /* user controlled via sysctl */
V_ipport_stoprandom = 0; /* toggled by ipport_tick */
#ifdef NOTYET
/* XXX global static but not instantiated in this file */
V_ipfastforward_active = 0;
V_subnetsarelocal = 0;
V_sameprefixcarponly = 0;
#endif
TAILQ_INIT(&V_in_ifaddrhead);
V_in_ifaddrhashtbl = hashinit(INADDR_NHASH, M_IFADDR, &V_in_ifaddrhmask);
pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW);
@ -1591,8 +1617,6 @@ ip_savecontrol(struct inpcb *inp, struct mbuf **mp, struct ip *ip,
* locking. This code remains in ip_input.c as ip_mroute.c is optionally
* compiled.
*/
static int ip_rsvp_on;
struct socket *ip_rsvpd;
int
ip_rsvp_init(struct socket *so)
{
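Review bot: The `#ifdef NOTYET` block in `ip_init()` leaves `ipfastforward_active`, `subnetsarelocal` and `sameprefixcarponly` with no initializer at all, because their `= 0` initialisers are removed in other sections of this commit. Zero-filled BSS keeps today's behaviour, but this is the case the commit message rules out for per-instance containers, and these switches control fast forwarding and local-subnet treatment according to their sysctl descriptions. Since the XXX comment says the obstacle is that they are static in other files, initialise them from those files' own init paths, or extend the comment to `/* XXX relies on zero-filled storage until these get their own initializers */`. `V_ipstealth = 0` is assigned unconditionally although its sysctl sits under `#ifdef IPSTEALTH`, so confirm the variable exists in both configurations. `ip_init()` continues outside the hunk.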


@ -83,7 +83,9 @@ __FBSDID("$FreeBSD$");
(ntohl(a.s_addr)>>8)&0xFF,\
(ntohl(a.s_addr))&0xFF, y);
#ifdef VIMAGE_GLOBALS
u_short ip_id;
#endif
#ifdef MBUF_STRESS_TEST
int mbuf_frag_size = 0;


@ -76,8 +76,10 @@ __FBSDID("$FreeBSD$");
#include <security/mac/mac_framework.h>
#ifdef VIMAGE_GLOBALS
struct inpcbhead ripcb;
struct inpcbinfo ripcbinfo;
#endif
/* control hooks for ipfw and dummynet */
ip_fw_ctl_t *ip_fw_ctl_ptr = NULL;
@ -91,7 +93,9 @@ ip_dn_ctl_t *ip_dn_ctl_ptr = NULL;
/*
* The socket used to communicate with the multicast routing daemon.
*/
#ifdef VIMAGE_GLOBALS
struct socket *ip_mrouter;
#endif
/*
* The various mrouter and rsvp functions.


@ -146,9 +146,11 @@ struct tcp_hostcache {
int prune;
int purgeall;
};
static struct tcp_hostcache tcp_hostcache;
#ifdef VIMAGE_GLOBALS
static struct tcp_hostcache tcp_hostcache;
static struct callout tcp_hc_callout;
#endif
static struct hc_metrics *tcp_hc_lookup(struct in_conninfo *);
static struct hc_metrics *tcp_hc_insert(struct in_conninfo *);


@ -99,7 +99,21 @@ __FBSDID("$FreeBSD$");
static const int tcprexmtthresh = 3;
#ifdef VIMAGE_GLOBALS
struct tcpstat tcpstat;
int blackhole;
int tcp_delack_enabled;
int drop_synfin;
int tcp_do_rfc3042;
int tcp_do_rfc3390;
int tcp_do_ecn;
int tcp_ecn_maxretries;
int tcp_insecure_rst;
int tcp_do_autorcvbuf;
int tcp_autorcvbuf_inc;
int tcp_autorcvbuf_max;
#endif
SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_tcp, TCPCTL_STATS, stats,
CTLFLAG_RW, tcpstat , tcpstat,
"TCP statistics (struct tcpstat, netinet/tcp_var.h)");
@ -108,59 +122,50 @@ int tcp_log_in_vain = 0;
SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_RW,
&tcp_log_in_vain, 0, "Log all incoming TCP segments to closed ports");
static int blackhole = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_RW,
blackhole, 0, "Do not send RST on segments to closed ports");
int tcp_delack_enabled = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, delayed_ack,
CTLFLAG_RW, tcp_delack_enabled, 0,
"Delay ACK to try and piggyback it onto a data packet");
static int drop_synfin = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, drop_synfin,
CTLFLAG_RW, drop_synfin, 0, "Drop TCP packets with SYN+FIN set");
static int tcp_do_rfc3042 = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, rfc3042, CTLFLAG_RW,
tcp_do_rfc3042, 0, "Enable RFC 3042 (Limited Transmit)");
static int tcp_do_rfc3390 = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, rfc3390, CTLFLAG_RW,
tcp_do_rfc3390, 0,
"Enable RFC 3390 (Increasing TCP's Initial Congestion Window)");
int tcp_do_ecn = 0;
int tcp_ecn_maxretries = 1;
SYSCTL_NODE(_net_inet_tcp, OID_AUTO, ecn, CTLFLAG_RW, 0, "TCP ECN");
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_ecn, OID_AUTO, enable,
CTLFLAG_RW, tcp_do_ecn, 0, "TCP ECN support");
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_ecn, OID_AUTO, maxretries,
CTLFLAG_RW, tcp_ecn_maxretries, 0, "Max retries before giving up on ECN");
static int tcp_insecure_rst = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, insecure_rst,
CTLFLAG_RW, tcp_insecure_rst, 0,
"Follow the old (insecure) criteria for accepting RST packets");
int tcp_do_autorcvbuf = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, recvbuf_auto,
CTLFLAG_RW, tcp_do_autorcvbuf, 0,
"Enable automatic receive buffer sizing");
int tcp_autorcvbuf_inc = 16*1024;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, recvbuf_inc,
CTLFLAG_RW, tcp_autorcvbuf_inc, 0,
"Incrementor step size of automatic receive buffer");
int tcp_autorcvbuf_max = 256*1024;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, recvbuf_max,
CTLFLAG_RW, tcp_autorcvbuf_max, 0,
"Max size of automatic receive buffer");
#ifdef VIMAGE_GLOBALS
struct inpcbhead tcb;
#define tcb6 tcb /* for KAME src sync over BSD*'s */
struct inpcbinfo tcbinfo;
#endif
#define tcb6 tcb /* for KAME src sync over BSD*'s */
static void tcp_dooptions(struct tcpopt *, u_char *, int, int);
static void tcp_do_segment(struct mbuf *, struct tcphdr *,
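Review bot: Several file-local variables appear to lose `static` when they move into the `VIMAGE_GLOBALS` block: `blackhole`, `drop_synfin`, `tcp_do_rfc3042`, `tcp_do_rfc3390` and `tcp_insecure_rst` are listed there as plain `int`, while the lines they replace read `static int …` (the rendering has dropped the +/- markers, so this is read from the two spellings). That exports generic names such as `blackhole` as kernel-global symbols and lets any other file write switches that decide how RST and SYN+FIN segments are handled. If external linkage is required because the initializer lives in another file, say so in a comment above the block; otherwise keep `static int blackhole;` and friends. None of the defaults removed here (`tcp_delack_enabled = 1`, `tcp_do_rfc3390 = 1`, `tcp_autorcvbuf_max = 256*1024`, …) is assigned in this section, so each should be checked against the init function that now sets it.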


@ -87,39 +87,42 @@ __FBSDID("$FreeBSD$");
extern struct mbuf *m_copypack();
#endif
int path_mtu_discovery = 1;
#ifdef VIMAGE_GLOBALS
int path_mtu_discovery;
int ss_fltsz;
int ss_fltsz_local;
int tcp_do_newreno;
int tcp_do_tso;
int tcp_do_autosndbuf;
int tcp_autosndbuf_inc;
int tcp_autosndbuf_max;
#endif
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, path_mtu_discovery,
CTLFLAG_RW, path_mtu_discovery, 1, "Enable Path MTU Discovery");
int ss_fltsz = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO,
slowstart_flightsize, CTLFLAG_RW,
ss_fltsz, 1, "Slow start flight size");
int ss_fltsz_local = 4;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO,
local_slowstart_flightsize, CTLFLAG_RW,
ss_fltsz_local, 1, "Slow start flight size for local networks");
int tcp_do_newreno = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, newreno, CTLFLAG_RW,
tcp_do_newreno, 0, "Enable NewReno Algorithms");
int tcp_do_tso = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, tso, CTLFLAG_RW,
tcp_do_tso, 0, "Enable TCP Segmentation Offload");
int tcp_do_autosndbuf = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, sendbuf_auto,
CTLFLAG_RW,
tcp_do_autosndbuf, 0, "Enable automatic send buffer sizing");
int tcp_autosndbuf_inc = 8*1024;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, sendbuf_inc,
CTLFLAG_RW, tcp_autosndbuf_inc, 0,
"Incrementor step size of automatic send buffer");
int tcp_autosndbuf_max = 256*1024;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, sendbuf_max,
CTLFLAG_RW, tcp_autosndbuf_max, 0,
"Max size of automatic send buffer");


@ -74,25 +74,28 @@ __FBSDID("$FreeBSD$");
#include <netinet/tcp_debug.h>
#endif /* TCPDEBUG */
#ifdef VIMAGE_GLOBALS
static int tcp_reass_maxseg;
int tcp_reass_qsize;
static int tcp_reass_maxqlen;
static int tcp_reass_overflows;
#endif
SYSCTL_NODE(_net_inet_tcp, OID_AUTO, reass, CTLFLAG_RW, 0,
"TCP Segment Reassembly Queue");
static int tcp_reass_maxseg = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, maxsegments,
CTLFLAG_RDTUN, tcp_reass_maxseg, 0,
"Global maximum number of TCP Segments in Reassembly Queue");
int tcp_reass_qsize = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, cursegments,
CTLFLAG_RD, tcp_reass_qsize, 0,
"Global number of TCP Segments currently in Reassembly Queue");
static int tcp_reass_maxqlen = 48;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, maxqlen,
CTLFLAG_RW, tcp_reass_maxqlen, 0,
"Maximum number of TCP Segments per individual Reassembly Queue");
static int tcp_reass_overflows = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_reass, OID_AUTO, overflows,
CTLFLAG_RD, tcp_reass_overflows, 0,
"Global number of TCP Segment Reassembly Queue Overflows");
@ -114,6 +117,11 @@ tcp_reass_init(void)
{
INIT_VNET_INET(curvnet);
V_tcp_reass_maxseg = 0;
V_tcp_reass_qsize = 0;
V_tcp_reass_maxqlen = 48;
V_tcp_reass_overflows = 0;
V_tcp_reass_maxseg = nmbclusters / 16;
TUNABLE_INT_FETCH("net.inet.tcp.reass.maxsegments",
&V_tcp_reass_maxseg);
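Review bot: In `tcp_reass_init()` the added `V_tcp_reass_maxseg = 0;` is a dead store, because `V_tcp_reass_maxseg = nmbclusters / 16;` overwrites it a few lines later before anything reads it. Drop the first assignment and keep the computed default, ideally with a comment such as `/* caps segments held for reassembly; overridable via the net.inet.tcp.reass.maxsegments tunable */`, since this limit bounds how much memory out-of-order segments can pin. The function body continues outside the hunk.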


@ -124,23 +124,26 @@ __FBSDID("$FreeBSD$");
extern struct uma_zone *sack_hole_zone;
#ifdef VIMAGE_GLOBALS
int tcp_do_sack;
int tcp_sack_maxholes;
int tcp_sack_globalmaxholes;
int tcp_sack_globalholes;
#endif
SYSCTL_NODE(_net_inet_tcp, OID_AUTO, sack, CTLFLAG_RW, 0, "TCP SACK");
int tcp_do_sack = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, enable,
CTLFLAG_RW, tcp_do_sack, 0, "Enable/Disable TCP SACK support");
TUNABLE_INT("net.inet.tcp.sack.enable", &tcp_do_sack);
static int tcp_sack_maxholes = 128;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, maxholes,
CTLFLAG_RW, tcp_sack_maxholes, 0,
"Maximum number of TCP SACK holes allowed per connection");
static int tcp_sack_globalmaxholes = 65536;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, globalmaxholes,
CTLFLAG_RW, tcp_sack_globalmaxholes, 0,
"Global maximum number of TCP SACK holes");
static int tcp_sack_globalholes = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_sack, OID_AUTO, globalholes,
CTLFLAG_RD, tcp_sack_globalholes, 0,
"Global number of TCP SACK holes currently allocated");
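Review bot: `TUNABLE_INT("net.inet.tcp.sack.enable", &tcp_do_sack)` stays in place while the `= 1` default moves to a run-time initializer that is not part of this section. If that initializer assigns `V_tcp_do_sack = 1` after loader tunables have been applied, a `net.inet.tcp.sack.enable=0` setting from the loader would be silently overwritten and SACK re-enabled. The `tcp_reass_init()` section of this commit shows the safe ordering, default first and then `TUNABLE_INT_FETCH(...)`; the same ordering should be confirmed, or added, for `tcp_do_sack`.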


@ -111,9 +111,20 @@ __FBSDID("$FreeBSD$");
#include <security/mac/mac_framework.h>
int tcp_mssdflt = TCP_MSS;
#ifdef VIMAGE_GLOBALS
int tcp_mssdflt;
#ifdef INET6
int tcp_v6mssdflt = TCP6_MSS;
int tcp_v6mssdflt;
#endif
int tcp_minmss;
int tcp_do_rfc1323;
static int icmp_may_rst;
static int tcp_isn_reseed_interval;
static int tcp_inflight_enable;
static int tcp_inflight_rttthresh;
static int tcp_inflight_min;
static int tcp_inflight_max;
static int tcp_inflight_stab;
#endif
static int
@ -168,11 +179,9 @@ SYSCTL_PROC(_net_inet_tcp, TCPCTL_V6MSSDFLT, v6mssdflt, CTLTYPE_INT|CTLFLAG_RW,
* with packet generation and sending. Set to zero to disable MINMSS
* checking. This setting prevents us from sending too small packets.
*/
int tcp_minmss = TCP_MINMSS;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, minmss,
CTLFLAG_RW, tcp_minmss , 0, "Minmum TCP Maximum Segment Size");
int tcp_do_rfc1323 = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323,
CTLFLAG_RW, tcp_do_rfc1323, 0,
"Enable rfc1323 (high performance TCP) extensions");
@ -192,12 +201,10 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, do_tcpdrain, CTLFLAG_RW, &do_tcpdrain, 0,
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, pcbcount,
CTLFLAG_RD, tcbinfo.ipi_count, 0, "Number of active PCBs");
static int icmp_may_rst = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, icmp_may_rst,
CTLFLAG_RW, icmp_may_rst, 0,
"Certain ICMP unreachable messages may abort connections in SYN_SENT");
static int tcp_isn_reseed_interval = 0;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, isn_reseed_interval,
CTLFLAG_RW, tcp_isn_reseed_interval, 0,
"Seconds between reseeding of ISN secret");
@ -210,7 +217,6 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, isn_reseed_interval,
SYSCTL_NODE(_net_inet_tcp, OID_AUTO, inflight, CTLFLAG_RW, 0,
"TCP inflight data limiting");
static int tcp_inflight_enable = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, enable,
CTLFLAG_RW, tcp_inflight_enable, 0,
"Enable automatic TCP inflight data limiting");
@ -219,20 +225,16 @@ static int tcp_inflight_debug = 0;
SYSCTL_INT(_net_inet_tcp_inflight, OID_AUTO, debug, CTLFLAG_RW,
&tcp_inflight_debug, 0, "Debug TCP inflight calculations");
static int tcp_inflight_rttthresh;
SYSCTL_PROC(_net_inet_tcp_inflight, OID_AUTO, rttthresh, CTLTYPE_INT|CTLFLAG_RW,
&tcp_inflight_rttthresh, 0, sysctl_msec_to_ticks, "I",
"RTT threshold below which inflight will deactivate itself");
static int tcp_inflight_min = 6144;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, min,
CTLFLAG_RW, tcp_inflight_min, 0, "Lower-bound for TCP inflight window");
static int tcp_inflight_max = TCP_MAXWIN << TCP_MAX_WINSHIFT;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, max,
CTLFLAG_RW, tcp_inflight_max, 0, "Upper-bound for TCP inflight window");
static int tcp_inflight_stab = 20;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_inflight, OID_AUTO, stab,
CTLFLAG_RW, tcp_inflight_stab, 0,
"Inflight Algorithm Stabilization 20 = 2 packets");
@ -297,8 +299,49 @@ void
tcp_init(void)
{
INIT_VNET_INET(curvnet);
int hashsize;
V_blackhole = 0;
V_tcp_delack_enabled = 1;
V_drop_synfin = 0;
V_tcp_do_rfc3042 = 1;
V_tcp_do_rfc3390 = 1;
V_tcp_do_ecn = 0;
V_tcp_ecn_maxretries = 1;
V_tcp_insecure_rst = 0;
V_tcp_do_autorcvbuf = 1;
V_tcp_autorcvbuf_inc = 16*1024;
V_tcp_autorcvbuf_max = 256*1024;
V_tcp_mssdflt = TCP_MSS;
#ifdef INET6
V_tcp_v6mssdflt = TCP6_MSS;
#endif
V_tcp_minmss = TCP_MINMSS;
V_tcp_do_rfc1323 = 1;
V_icmp_may_rst = 1;
V_tcp_isn_reseed_interval = 0;
V_tcp_inflight_enable = 1;
V_tcp_inflight_min = 6144;
V_tcp_inflight_max = TCP_MAXWIN << TCP_MAX_WINSHIFT;
V_tcp_inflight_stab = 20;
V_path_mtu_discovery = 1;
V_ss_fltsz = 1;
V_ss_fltsz_local = 4;
V_tcp_do_newreno = 1;
V_tcp_do_tso = 1;
V_tcp_do_autosndbuf = 1;
V_tcp_autosndbuf_inc = 8*1024;
V_tcp_autosndbuf_max = 256*1024;
V_nolocaltimewait = 0;
V_tcp_do_sack = 1;
V_tcp_sack_maxholes = 128;
V_tcp_sack_globalmaxholes = 65536;
V_tcp_sack_globalholes = 0;
int hashsize = TCBHASHSIZE;
tcp_delacktime = TCPTV_DELACK;
tcp_keepinit = TCPTV_KEEP_INIT;
tcp_keepidle = TCPTV_KEEP_IDLE;
@ -315,6 +358,7 @@ tcp_init(void)
INP_INFO_LOCK_INIT(&V_tcbinfo, "tcp");
LIST_INIT(&V_tcb);
V_tcbinfo.ipi_listhead = &V_tcb;
hashsize = TCBHASHSIZE;
TUNABLE_INT_FETCH("net.inet.tcp.tcbhashsize", &hashsize);
if (!powerof2(hashsize)) {
printf("WARNING: TCB hash size not a power of 2\n");
@ -1429,10 +1473,12 @@ tcp6_ctlinput(int cmd, struct sockaddr *sa, void *d)
#define ISN_STATIC_INCREMENT 4096
#define ISN_RANDOM_INCREMENT (4096 - 1)
#ifdef VIMAGE_GLOBALS
static u_char isn_secret[32];
static int isn_last_reseed;
static u_int32_t isn_offset, isn_offset_old;
static MD5_CTX isn_ctx;
#endif
tcp_seq
tcp_new_isn(struct tcpcb *tp)
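Review bot: The unconditional `V_tcp_do_sack = 1;` added to tcp_init() looks like it overrides the `net.inet.tcp.sack.enable` loader tunable, because the `TUNABLE_INT(...)` registration kept in the SACK section stores the fetched value in `tcp_do_sack` at tunable-initialisation time, which presumably runs before protocol init. Before this change the default came from the static initializer, so the tunable took effect; now an operator who disables SACK from the loader would get it silently re-enabled at boot. Fetching the tunable in tcp_init() after the default is assigned, the way this function already handles the hash size, would keep it working: `TUNABLE_INT_FETCH("net.inet.tcp.sack.enable", &V_tcp_do_sack);`. tcp_init() continues outside these hunks.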


@ -98,12 +98,17 @@ __FBSDID("$FreeBSD$");
#include <security/mac/mac_framework.h>
static int tcp_syncookies = 1;
#ifdef VIMAGE_GLOBALS
static struct tcp_syncache tcp_syncache;
static int tcp_syncookies;
static int tcp_syncookiesonly;
int tcp_sc_rst_sock_fail;
#endif
SYSCTL_INT(_net_inet_tcp, OID_AUTO, syncookies, CTLFLAG_RW,
&tcp_syncookies, 0,
"Use TCP SYN cookies if the syncache overflows");
static int tcp_syncookiesonly = 0;
SYSCTL_INT(_net_inet_tcp, OID_AUTO, syncookies_only, CTLFLAG_RW,
&tcp_syncookiesonly, 0,
"Use only TCP SYN cookies");
@ -142,8 +147,6 @@ static struct syncache
#define TCP_SYNCACHE_HASHSIZE 512
#define TCP_SYNCACHE_BUCKETLIMIT 30
static struct tcp_syncache tcp_syncache;
SYSCTL_NODE(_net_inet_tcp, OID_AUTO, syncache, CTLFLAG_RW, 0, "TCP SYN cache");
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO,
@ -166,7 +169,6 @@ SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO,
rexmtlimit, CTLFLAG_RW,
tcp_syncache.rexmt_limit, 0, "Limit on SYN/ACK retransmissions");
int tcp_sc_rst_sock_fail = 1;
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp_syncache, OID_AUTO,
rst_on_sock_fail, CTLFLAG_RW,
tcp_sc_rst_sock_fail, 0, "Send reset on socket allocation failure");
@ -223,6 +225,10 @@ syncache_init(void)
INIT_VNET_INET(curvnet);
int i;
V_tcp_syncookies = 1;
V_tcp_syncookiesonly = 0;
V_tcp_sc_rst_sock_fail = 1;
V_tcp_syncache.cache_count = 0;
V_tcp_syncache.hashsize = TCP_SYNCACHE_HASHSIZE;
V_tcp_syncache.bucket_limit = TCP_SYNCACHE_BUCKETLIMIT;
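Review bot: `tcp_syncookies` and `tcp_syncookiesonly` move inside `#ifdef VIMAGE_GLOBALS` in the first hunk, but their sysctls there still use plain `SYSCTL_INT(...)` with `&tcp_syncookies` and `&tcp_syncookiesonly`, so the knobs will not resolve, or will not reach the per-instance copy, once VIMAGE_GLOBALS is undefined. The other syncache knobs in this section already use the virtualized form, so these can follow it, e.g. `SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_tcp, OID_AUTO, syncookies, CTLFLAG_RW, tcp_syncookies, 0, "Use TCP SYN cookies if the syncache overflows");`. The same mismatch is visible for `nolocaltimewait` in the time-wait section and for `udp_blackhole` in the UDP section. syncache_init() continues outside the hunk.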


@ -102,7 +102,10 @@ static int maxtcptw;
* queue pointers in each tcptw structure, are protected using the global
* tcbinfo lock, which must be held over queue iteration and modification.
*/
#ifdef VIMAGE_GLOBALS
static TAILQ_HEAD(, tcptw) twq_2msl;
int nolocaltimewait;
#endif
static void tcp_tw_2msl_reset(struct tcptw *, int);
static void tcp_tw_2msl_stop(struct tcptw *);
@ -147,7 +150,6 @@ SYSCTL_PROC(_net_inet_tcp, OID_AUTO, maxtcptw, CTLTYPE_INT|CTLFLAG_RW,
&maxtcptw, 0, sysctl_maxtcptw, "IU",
"Maximum number of compressed TCP TIME_WAIT entries");
static int nolocaltimewait = 0;
SYSCTL_INT(_net_inet_tcp, OID_AUTO, nolocaltimewait, CTLFLAG_RW,
&nolocaltimewait, 0,
"Do not create compressed TCP TIME_WAIT entries for local connections");


@ -517,7 +517,26 @@ extern int path_mtu_discovery;
extern int ss_fltsz;
extern int ss_fltsz_local;
extern int blackhole;
extern int drop_synfin;
extern int tcp_do_rfc3042;
extern int tcp_do_rfc3390;
extern int tcp_insecure_rst;
extern int tcp_do_autorcvbuf;
extern int tcp_autorcvbuf_inc;
extern int tcp_autorcvbuf_max;
extern int tcp_do_tso;
extern int tcp_do_autosndbuf;
extern int tcp_autosndbuf_inc;
extern int tcp_autosndbuf_max;
extern int nolocaltimewait;
extern int tcp_do_sack; /* SACK enabled/disabled */
extern int tcp_sack_maxholes;
extern int tcp_sack_globalmaxholes;
extern int tcp_sack_globalholes;
extern int tcp_sc_rst_sock_fail; /* RST on sock alloc failure */
extern int tcp_do_ecn; /* TCP ECN enabled/disabled */
extern int tcp_ecn_maxretries;


@ -95,6 +95,10 @@ __FBSDID("$FreeBSD$");
* Per RFC 768, August, 1980.
*/
#ifdef VIMAGE_GLOBALS
int udp_blackhole;
#endif
/*
* BSD 4.2 defaulted the udp checksum to be off. Turning off udp checksums
* removes the only data integrity mechanism for packets and malformed
@ -109,7 +113,6 @@ int udp_log_in_vain = 0;
SYSCTL_INT(_net_inet_udp, OID_AUTO, log_in_vain, CTLFLAG_RW,
&udp_log_in_vain, 0, "Log all incoming UDP packets");
int udp_blackhole = 0;
SYSCTL_INT(_net_inet_udp, OID_AUTO, blackhole, CTLFLAG_RW, &udp_blackhole, 0,
"Do not send port unreachables for refused connects");
@ -129,14 +132,16 @@ u_long udp_recvspace = 40 * (1024 +
SYSCTL_ULONG(_net_inet_udp, UDPCTL_RECVSPACE, recvspace, CTLFLAG_RW,
&udp_recvspace, 0, "Maximum space for incoming UDP datagrams");
#ifdef VIMAGE_GLOBALS
struct inpcbhead udb; /* from udp_var.h */
struct inpcbinfo udbinfo;
struct udpstat udpstat; /* from udp_var.h */
#endif
#ifndef UDBHASHSIZE
#define UDBHASHSIZE 128
#endif
struct udpstat udpstat; /* from udp_var.h */
SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_udp, UDPCTL_STATS, stats,
CTLFLAG_RW, udpstat, udpstat,
"UDP statistics (struct udpstat, netinet/udp_var.h)");
@ -167,6 +172,8 @@ udp_init(void)
{
INIT_VNET_INET(curvnet);
V_udp_blackhole = 0;
INP_INFO_LOCK_INIT(&V_udbinfo, "udp");
LIST_INIT(&V_udb);
V_udbinfo.ipi_listhead = &V_udb;


@ -319,6 +319,8 @@ struct vnet_inet {
#define V_tcp_sack_maxholes VNET_INET(tcp_sack_maxholes)
#define V_tcp_sc_rst_sock_fail VNET_INET(tcp_sc_rst_sock_fail)
#define V_tcp_syncache VNET_INET(tcp_syncache)
#define V_tcp_syncookies VNET_INET(tcp_syncookies)
#define V_tcp_syncookiesonly VNET_INET(tcp_syncookiesonly)
#define V_tcp_v6mssdflt VNET_INET(tcp_v6mssdflt)
#define V_tcpstat VNET_INET(tcpstat)
#define V_twq_2msl VNET_INET(twq_2msl)


@ -77,9 +77,11 @@ static struct mtx ip6qlock;
/*
* These fields all protected by ip6qlock.
*/
#ifdef VIMAGE_GLOBALS
static u_int frag6_nfragpackets;
static u_int frag6_nfrags;
static struct ip6q ip6q; /* ip6 reassemble queue */
#endif
#define IP6Q_LOCK_INIT() mtx_init(&ip6qlock, "ip6qlock", NULL, MTX_DEF);
#define IP6Q_LOCK() mtx_lock(&ip6qlock)


@ -108,16 +108,17 @@ __FBSDID("$FreeBSD$");
#endif
extern struct domain inet6domain;
struct icmp6stat icmp6stat;
extern struct inpcbinfo ripcbinfo;
extern struct inpcbhead ripcb;
extern int icmp6errppslim;
static int icmp6errpps_count = 0;
static struct timeval icmp6errppslim_last;
extern int icmp6_nodeinfo;
#ifdef VIMAGE_GLOBALS
struct icmp6stat icmp6stat;
static int icmp6errpps_count;
static struct timeval icmp6errppslim_last;
#endif
static void icmp6_errcount(struct icmp6errstat *, int, int);
static int icmp6_rip6_input(struct mbuf **, int);
static int icmp6_ratelimit(const struct in6_addr *, const int, const int);
@ -138,6 +139,8 @@ icmp6_init(void)
{
INIT_VNET_INET6(curvnet);
V_icmp6errpps_count = 0;
mld6_init();
}
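Review bot: icmp6_init() resets `V_icmp6errpps_count` but not `icmp6errppslim_last`, although the first hunk moves both under `#ifdef VIMAGE_GLOBALS` and they appear to be the two halves of the ICMPv6 error rate-limit state. As a static global the timestamp started at zero by definition; in a per-instance container that holds only if the allocator zeroes the structure, which this page does not show. I would clear the timeval next to the counter, in the same way scope6_init() clears `sid_default` with `bzero()`, and add a comment such as `/* ICMPv6 error rate-limit state starts empty */`.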


@ -61,15 +61,11 @@ __FBSDID("$FreeBSD$");
#include <netinet6/nd6.h>
#include <netinet6/scope6_var.h>
unsigned long in6_maxmtu = 0;
#ifdef IP6_AUTO_LINKLOCAL
int ip6_auto_linklocal = IP6_AUTO_LINKLOCAL;
#else
int ip6_auto_linklocal = 1; /* enable by default */
#endif
#ifdef VIMAGE_GLOBALS
unsigned long in6_maxmtu;
int ip6_auto_linklocal;
struct callout in6_tmpaddrtimer_ch;
#endif
extern struct inpcbinfo udbinfo;
extern struct inpcbinfo ripcbinfo;


@ -368,73 +368,56 @@ DOMAIN_SET(inet6);
/*
* Internet configuration info
*/
#ifndef IPV6FORWARDING
#ifdef GATEWAY6
#define IPV6FORWARDING 1 /* forward IP6 packets not for us */
#else
#define IPV6FORWARDING 0 /* don't forward IP6 packets not for us */
#endif /* GATEWAY6 */
#endif /* !IPV6FORWARDING */
#ifndef IPV6_SENDREDIRECTS
#define IPV6_SENDREDIRECTS 1
#ifdef VIMAGE_GLOBALS
int ip6_forwarding;
int ip6_sendredirects;
int ip6_defhlim;
int ip6_defmcasthlim;
int ip6_accept_rtadv;
int ip6_maxfragpackets;
int ip6_maxfrags;
int ip6_log_interval;
int ip6_hdrnestlimit;
int ip6_dad_count;
int ip6_auto_flowlabel;
int ip6_use_deprecated;
int ip6_rr_prune;
int ip6_mcast_pmtu;
int ip6_v6only;
int ip6_keepfaith;
time_t ip6_log_time;
int ip6stealth;
int nd6_onlink_ns_rfc4861;
#endif
int ip6_forwarding = IPV6FORWARDING; /* act as router? */
int ip6_sendredirects = IPV6_SENDREDIRECTS;
int ip6_defhlim = IPV6_DEFHLIM;
int ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS;
int ip6_accept_rtadv = 0; /* "IPV6FORWARDING ? 0 : 1" is dangerous */
int ip6_maxfragpackets; /* initialized in frag6.c:frag6_init() */
int ip6_maxfrags; /* initialized in frag6.c:frag6_init() */
int ip6_log_interval = 5;
int ip6_hdrnestlimit = 15; /* How many header options will we process? */
int ip6_dad_count = 1; /* DupAddrDetectionTransmits */
int ip6_auto_flowlabel = 1;
int ip6_gif_hlim = 0;
int ip6_use_deprecated = 1; /* allow deprecated addr (RFC2462 5.5.4) */
int ip6_rr_prune = 5; /* router renumbering prefix
* walk list every 5 sec. */
int ip6_mcast_pmtu = 0; /* enable pMTU discovery for multicast? */
int ip6_v6only = 1;
int ip6_keepfaith = 0;
time_t ip6_log_time = (time_t)0L;
#ifdef IPSTEALTH
int ip6stealth = 0;
#endif
int nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (as in RFC 4861) */
#ifdef VIMAGE_GLOBALS
/* icmp6 */
/*
* BSDI4 defines these variables in in_proto.c...
* XXX: what if we don't define INET? Should we define pmtu6_expire
* or so? (jinmei@kame.net 19990310)
*/
int pmtu_expire = 60*10;
int pmtu_probe = 60*2;
int pmtu_expire;
int pmtu_probe;
/* raw IP6 parameters */
/*
* Nominal space allocated to a raw ip socket.
*/
#define RIPV6SNDQ 8192
#define RIPV6RCVQ 8192
u_long rip6_sendspace = RIPV6SNDQ;
u_long rip6_recvspace = RIPV6RCVQ;
u_long rip6_sendspace;
u_long rip6_recvspace;
/* ICMPV6 parameters */
int icmp6_rediraccept = 1; /* accept and process redirects */
int icmp6_redirtimeout = 10 * 60; /* 10 minutes */
int icmp6errppslim = 100; /* 100pps */
int icmp6_rediraccept;
int icmp6_redirtimeout;
int icmp6errppslim;
/* control how to respond to NI queries */
int icmp6_nodeinfo = (ICMP6_NODEINFO_FQDNOK|ICMP6_NODEINFO_NODEADDROK);
int icmp6_nodeinfo;
/* UDP on IP6 parameters */
int udp6_sendspace = 9216; /* really max datagram size */
int udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6));
/* 40 1K datagrams */
int udp6_sendspace;
int udp6_recvspace;
#endif /* VIMAGE_GLOBALS */
/*
* sysctl related items.


@ -219,18 +219,18 @@ in6_matroute(void *v_arg, struct radix_node_head *head)
SYSCTL_DECL(_net_inet6_ip6);
static int rtq_reallyold6 = 60*60;
/* one hour is ``really old'' */
#ifdef VIMAGE_GLOBALS
static int rtq_reallyold6;
static int rtq_minreallyold6;
static int rtq_toomany6;
#endif
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTEXPIRE, rtexpire,
CTLFLAG_RW, &rtq_reallyold6 , 0, "");
static int rtq_minreallyold6 = 10;
/* never automatically crank down to less */
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTMINEXPIRE, rtminexpire,
CTLFLAG_RW, &rtq_minreallyold6 , 0, "");
static int rtq_toomany6 = 128;
/* 128 cached routes is ``too many'' */
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTMAXCACHE, rtmaxcache,
CTLFLAG_RW, &rtq_toomany6 , 0, "");
@ -324,8 +324,10 @@ in6_rtqkill(struct radix_node *rn, void *rock)
}
#define RTQ_TIMEOUT 60*10 /* run no less than once every ten minutes */
static int rtq_timeout6 = RTQ_TIMEOUT;
#ifdef VIMAGE_GLOBALS
static int rtq_timeout6;
static struct callout rtq_timer6;
#endif
static void
in6_rtqtimo(void *rock)
@ -387,7 +389,9 @@ struct mtuex_arg {
struct radix_node_head *rnh;
time_t nextstop;
};
#ifdef VIMAGE_GLOBALS
static struct callout rtq_mtutimer;
#endif
static int
in6_mtuexpire(struct radix_node *rn, void *rock)
@ -478,6 +482,11 @@ in6_inithead(void **head, int off)
if (off == 0) /* See above */
return 1; /* only do the rest for the real thing */
V_rtq_reallyold6 = 60*60; /* one hour is ``really old'' */
V_rtq_minreallyold6 = 10; /* never automatically crank down to less */
V_rtq_toomany6 = 128; /* 128 cached routes is ``too many'' */
V_rtq_timeout6 = RTQ_TIMEOUT;
rnh = *head;
rnh->rnh_addaddr = in6_addroute;
rnh->rnh_matchaddr = in6_matroute;


@ -119,9 +119,11 @@ static struct sx addrsel_sxlock;
#define ADDRSEL_XUNLOCK() sx_xunlock(&addrsel_sxlock)
#define ADDR_LABEL_NOTAPP (-1)
struct in6_addrpolicy defaultaddrpolicy;
int ip6_prefer_tempaddr = 0;
#ifdef VIMAGE_GLOBALS
struct in6_addrpolicy defaultaddrpolicy;
int ip6_prefer_tempaddr;
#endif
static int selectroute __P((struct sockaddr_in6 *, struct ip6_pktopts *,
struct ip6_moptions *, struct route_in6 *, struct ifnet **,
@ -875,6 +877,8 @@ addrsel_policy_init(void)
ADDRSEL_SXLOCK_INIT();
INIT_VNET_INET6(curvnet);
V_ip6_prefer_tempaddr = 0;
init_policy_queue();
/* initialize the "last resort" policy */
@ -972,7 +976,9 @@ struct addrsel_policyent {
TAILQ_HEAD(addrsel_policyhead, addrsel_policyent);
#ifdef VIMAGE_GLOBALS
struct addrsel_policyhead addrsel_policytab;
#endif
static void
init_policy_queue(void)


@ -76,7 +76,9 @@ __FBSDID("$FreeBSD$");
#include <netinet6/ip6protosw.h>
#ifdef VIMAGE_GLOBALS
struct route_in6 ip6_forward_rt;
#endif
/*
* Forward a packet. If some error occurs return the sender


@ -116,21 +116,34 @@ extern struct domain inet6domain;
u_char ip6_protox[IPPROTO_MAX];
static struct ifqueue ip6intrq;
static int ip6qmaxlen = IFQ_MAXLEN;
#ifdef VIMAGE_GLOBALS
static int ip6qmaxlen;
struct in6_ifaddr *in6_ifaddr;
struct ip6stat ip6stat;
#endif
extern struct callout in6_tmpaddrtimer_ch;
extern int dad_init;
extern int pmtu_expire;
extern int pmtu_probe;
extern u_long rip6_sendspace;
extern u_long rip6_recvspace;
extern int icmp6errppslim;
extern int icmp6_nodeinfo;
extern int udp6_sendspace;
extern int udp6_recvspace;
#ifdef VIMAGE_GLOBALS
int ip6_forward_srcrt; /* XXX */
int ip6_sourcecheck; /* XXX */
int ip6_sourcecheck_interval; /* XXX */
int ip6_ours_check_algorithm;
#endif
struct pfil_head inet6_pfil_hook;
struct ip6stat ip6stat;
static void ip6_init2(void *);
static struct ip6aux *ip6_setdstifaddr(struct mbuf *, struct in6_ifaddr *);
static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *);
@ -149,6 +162,72 @@ ip6_init(void)
struct ip6protosw *pr;
int i;
V_ip6qmaxlen = IFQ_MAXLEN;
V_in6_maxmtu = 0;
#ifdef IP6_AUTO_LINKLOCAL
V_ip6_auto_linklocal = IP6_AUTO_LINKLOCAL;
#else
V_ip6_auto_linklocal = 1; /* enable by default */
#endif
#ifndef IPV6FORWARDING
#ifdef GATEWAY6
#define IPV6FORWARDING 1 /* forward IP6 packets not for us */
#else
#define IPV6FORWARDING 0 /* don't forward IP6 packets not for us */
#endif /* GATEWAY6 */
#endif /* !IPV6FORWARDING */
#ifndef IPV6_SENDREDIRECTS
#define IPV6_SENDREDIRECTS 1
#endif
V_ip6_forwarding = IPV6FORWARDING; /* act as router? */
V_ip6_sendredirects = IPV6_SENDREDIRECTS;
V_ip6_defhlim = IPV6_DEFHLIM;
V_ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS;
V_ip6_accept_rtadv = 0; /* "IPV6FORWARDING ? 0 : 1" is dangerous */
V_ip6_log_interval = 5;
V_ip6_hdrnestlimit = 15; /* How many header options will we process? */
V_ip6_dad_count = 1; /* DupAddrDetectionTransmits */
V_ip6_auto_flowlabel = 1;
V_ip6_use_deprecated = 1;/* allow deprecated addr (RFC2462 5.5.4) */
V_ip6_rr_prune = 5; /* router renumbering prefix
* walk list every 5 sec. */
V_ip6_mcast_pmtu = 0; /* enable pMTU discovery for multicast? */
V_ip6_v6only = 1;
V_ip6_keepfaith = 0;
V_ip6_log_time = (time_t)0L;
#ifdef IPSTEALTH
V_ip6stealth = 0;
#endif
V_nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (RFC 4861) */
V_pmtu_expire = 60*10;
V_pmtu_probe = 60*2;
/* raw IP6 parameters */
/*
* Nominal space allocated to a raw ip socket.
*/
#define RIPV6SNDQ 8192
#define RIPV6RCVQ 8192
V_rip6_sendspace = RIPV6SNDQ;
V_rip6_recvspace = RIPV6RCVQ;
/* ICMPV6 parameters */
V_icmp6_rediraccept = 1; /* accept and process redirects */
V_icmp6_redirtimeout = 10 * 60; /* 10 minutes */
V_icmp6errppslim = 100; /* 100pps */
/* control how to respond to NI queries */
V_icmp6_nodeinfo = (ICMP6_NODEINFO_FQDNOK|ICMP6_NODEINFO_NODEADDROK);
/* UDP on IP6 parameters */
V_udp6_sendspace = 9216; /* really max datagram size */
V_udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6));
/* 40 1K datagrams */
V_dad_init = 0;
#ifdef DIAGNOSTIC
if (sizeof(struct protosw) != sizeof(struct ip6protosw))
panic("sizeof(protosw) != sizeof(ip6protosw)");
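Review bot: The defaults moved into ip6_init() are now selected by `#ifdef IP6_AUTO_LINKLOCAL`, `#ifdef GATEWAY6` and `#ifdef IPSTEALTH` evaluated in this file instead of the files that previously owned them, and this file's include list is not part of the hunk. If those macros come from kernel option headers that are not included here, each `#ifdef` silently takes its fallback branch and a kernel configured for different forwarding or link-local defaults boots with the wrong value; please confirm the relevant option headers are included. Separately, the `#define IPV6FORWARDING`, `IPV6_SENDREDIRECTS`, `RIPV6SNDQ` and `RIPV6RCVQ` lines now sit inside the function body yet stay defined for the rest of the file, so moving them above ip6_init() would read better. ip6_init() continues past the end of the hunk.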


@ -129,6 +129,7 @@ static MALLOC_DEFINE(M_MRTABLE6, "mf6c", "multicast forwarding cache entry");
static int ip6_mdq(struct mbuf *, struct ifnet *, struct mf6c *);
static void phyint_send(struct ip6_hdr *, struct mif6 *, struct mbuf *);
static void pim6_init(void);
static int set_pim6(int *);
static int socket_send __P((struct socket *, struct mbuf *,
struct sockaddr_in6 *));
@ -146,10 +147,13 @@ struct ip6protosw in6_pim_protosw = {
.pr_input = pim6_input,
.pr_output = rip6_output,
.pr_ctloutput = rip6_ctloutput,
.pr_init = pim6_init,
.pr_usrreqs = &rip6_usrreqs
};
static int ip6_mrouter_ver = 0;
#ifdef VIMAGE_GLOBALS
static int ip6_mrouter_ver;
#endif
SYSCTL_DECL(_net_inet6);
SYSCTL_DECL(_net_inet6_ip6);
@ -177,7 +181,9 @@ SYSCTL_OPAQUE(_net_inet6_ip6, OID_AUTO, mif6table, CTLFLAG_RD,
"Multicast Interfaces (struct mif[MAXMIFS], netinet6/ip6_mroute.h)");
#ifdef MRT6DEBUG
#ifdef VIMAGE_GLOBALS
static u_int mrt6debug = 0; /* debug level */
#endif
#define DEBUG_MFC 0x02
#define DEBUG_FORWARD 0x04
#define DEBUG_EXPIRE 0x08
@ -222,7 +228,9 @@ SYSCTL_STRUCT(_net_inet6_pim, PIM6CTL_STATS, stats, CTLFLAG_RD,
&pim6stat, pim6stat,
"PIM Statistics (struct pim6stat, netinet6/pim_var.h)");
#ifdef VIMAGE_GLOBALS
static int pim6;
#endif
/*
* Hash function for a source, group entry
@ -302,6 +310,17 @@ int X_ip6_mrouter_set(struct socket *so, struct sockopt *sopt);
int X_ip6_mrouter_get(struct socket *so, struct sockopt *sopt);
int X_mrt6_ioctl(int cmd, caddr_t data);
static void
pim6_init(void)
{
INIT_VNET_INET6(curvnet);
V_ip6_mrouter_ver = 0;
#ifdef MRT6DEBUG
V_mrt6debug = 0; /* debug level */
#endif
}
/*
* Handle MRT setsockopt commands to modify the multicast routing tables.
*/
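Review bot: `static u_int mrt6debug = 0;` keeps its initializer inside the new `#ifdef VIMAGE_GLOBALS` block, which contradicts the rule this commit introduces and duplicates the `V_mrt6debug = 0;` in pim6_init(); the declaration should read `static u_int mrt6debug; /* debug level */`. `pim6` is wrapped the same way but pim6_init() never assigns it, so its starting value depends on how the per-instance container is allocated. Adding `V_pim6 = 0;` to pim6_init() would make that explicit, assuming the accessor is defined alongside the others.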


@ -104,7 +104,9 @@ __FBSDID("$FreeBSD$");
*/
#define MLD_UNSOLICITED_REPORT_INTERVAL 10
#ifdef VIMAGE_GLOBALS
static struct ip6_pktopts ip6_opts;
#endif
static void mld6_sendpkt(struct in6_multi *, int, const struct in6_addr *);
static void mld_starttimer(struct in6_multi *);


@ -79,34 +79,32 @@ __FBSDID("$FreeBSD$");
#define SIN6(s) ((struct sockaddr_in6 *)s)
#define SDL(s) ((struct sockaddr_dl *)s)
/* timer values */
int nd6_prune = 1; /* walk list every 1 seconds */
int nd6_delay = 5; /* delay first probe time 5 second */
int nd6_umaxtries = 3; /* maximum unicast query */
int nd6_mmaxtries = 3; /* maximum multicast query */
int nd6_useloopback = 1; /* use loopback interface for local traffic */
int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */
#ifdef VIMAGE_GLOBALS
int nd6_prune;
int nd6_delay;
int nd6_umaxtries;
int nd6_mmaxtries;
int nd6_useloopback;
int nd6_gctimer;
/* preventing too many loops in ND option parsing */
int nd6_maxndopt = 10; /* max # of ND options allowed */
int nd6_maxndopt;
int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */
int nd6_maxqueuelen = 1; /* max # of packets cached in unresolved ND entries */
int nd6_maxnudhint;
int nd6_maxqueuelen;
#ifdef ND6_DEBUG
int nd6_debug = 1;
#else
int nd6_debug = 0;
#endif
int nd6_debug;
/* for debugging? */
static int nd6_inuse, nd6_allocated;
struct llinfo_nd6 llinfo_nd6;
struct llinfo_nd6 llinfo_nd6 = {&llinfo_nd6, &llinfo_nd6};
struct nd_drhead nd_defrouter;
struct nd_prhead nd_prefix = { 0 };
struct nd_prhead nd_prefix;
int nd6_recalc_reachtm_interval;
#endif /* VIMAGE_GLOBALS */
int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL;
static struct sockaddr_in6 all1_sa;
static int nd6_is_new_addr_neighbor __P((struct sockaddr_in6 *,
@ -118,9 +116,13 @@ static struct llinfo_nd6 *nd6_free(struct rtentry *, int);
static void nd6_llinfo_timer(void *);
static void clear_llinfo_pqueue(struct llinfo_nd6 *);
#ifdef VIMAGE_GLOBALS
struct callout nd6_slowtimo_ch;
struct callout nd6_timer_ch;
extern struct callout in6_tmpaddrtimer_ch;
extern int dad_ignore_ns;
extern int dad_maxtry;
#endif
void
nd6_init(void)
@ -134,6 +136,39 @@ nd6_init(void)
return;
}
V_nd6_prune = 1; /* walk list every 1 seconds */
V_nd6_delay = 5; /* delay first probe time 5 second */
V_nd6_umaxtries = 3; /* maximum unicast query */
V_nd6_mmaxtries = 3; /* maximum multicast query */
V_nd6_useloopback = 1; /* use loopback interface for local traffic */
V_nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */
/* preventing too many loops in ND option parsing */
V_nd6_maxndopt = 10; /* max # of ND options allowed */
V_nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */
V_nd6_maxqueuelen = 1; /* max pkts cached in unresolved ND entries */
#ifdef ND6_DEBUG
V_nd6_debug = 1;
#else
V_nd6_debug = 0;
#endif
V_nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL;
V_dad_ignore_ns = 0; /* ignore NS in DAD - specwise incorrect*/
V_dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */
V_llinfo_nd6.ln_next = &V_llinfo_nd6;
V_llinfo_nd6.ln_prev = &V_llinfo_nd6;
LIST_INIT(&V_nd_prefix);
ip6_use_tempaddr = 0;
ip6_temp_preferred_lifetime = DEF_TEMP_PREFERRED_LIFETIME;
ip6_temp_valid_lifetime = DEF_TEMP_VALID_LIFETIME;
ip6_temp_regen_advance = TEMPADDR_REGEN_ADVANCE;
all1_sa.sin6_family = AF_INET6;
all1_sa.sin6_len = sizeof(struct sockaddr_in6);
for (i = 0; i < sizeof(all1_sa.sin6_addr); i++)
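Review bot: The four temporary-address defaults at the end of the block added to nd6_init() are assigned through bare names (`ip6_use_tempaddr = 0;` through `ip6_temp_regen_advance = TEMPADDR_REGEN_ADVANCE;`), while every other assignment in the block goes through a `V_` accessor. A later section of this commit moves those four variables under `#ifdef VIMAGE_GLOBALS`, so the bare names will not resolve, or will not reach the per-instance copy, once that macro is undefined. Assuming the matching accessors exist in the vnet_inet6 header, they should be written like the rest, e.g. `V_ip6_use_tempaddr = 0;`. nd6_init() starts and ends outside the hunk.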


@ -86,8 +86,10 @@ static void nd6_dad_ns_output(struct dadq *, struct ifaddr *);
static void nd6_dad_ns_input(struct ifaddr *);
static void nd6_dad_na_input(struct ifaddr *);
static int dad_ignore_ns = 0; /* ignore NS in DAD - specwise incorrect*/
static int dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */
#ifdef VIMAGE_GLOBALS
int dad_ignore_ns;
int dad_maxtry;
#endif
/*
* Input a Neighbor Solicitation Message.
@ -1096,8 +1098,10 @@ struct dadq {
struct callout dad_timer_ch;
};
#ifdef VIMAGE_GLOBALS
static struct dadq_head dadq;
static int dad_init = 0;
int dad_init;
#endif
static struct dadq *
nd6_dad_find(struct ifaddr *ifa)


@ -87,20 +87,16 @@ static int rt6_deleteroute(struct radix_node *, void *);
extern int nd6_recalc_reachtm_interval;
#ifdef VIMAGE_GLOBALS
static struct ifnet *nd6_defifp;
int nd6_defifindex;
int ip6_use_tempaddr = 0;
int ip6_use_tempaddr;
int ip6_desync_factor;
u_int32_t ip6_temp_preferred_lifetime = DEF_TEMP_PREFERRED_LIFETIME;
u_int32_t ip6_temp_valid_lifetime = DEF_TEMP_VALID_LIFETIME;
/*
* shorter lifetimes for debugging purposes.
int ip6_temp_preferred_lifetime = 800;
static int ip6_temp_valid_lifetime = 1800;
*/
int ip6_temp_regen_advance = TEMPADDR_REGEN_ADVANCE;
u_int32_t ip6_temp_preferred_lifetime;
u_int32_t ip6_temp_valid_lifetime;
int ip6_temp_regen_advance;
#endif
/* RTPREF_MEDIUM has to be 0! */
#define RTPREF_HIGH 1


@ -117,7 +117,9 @@ extern struct inpcbinfo ripcbinfo;
extern u_long rip_sendspace;
extern u_long rip_recvspace;
#ifdef VIMAGE_GLOBALS
struct rip6stat rip6stat;
#endif
/*
* Hooks for multicast forwarding.


@ -50,11 +50,6 @@ __FBSDID("$FreeBSD$");
#include <netinet6/in6_var.h>
#include <netinet6/scope6_var.h>
#ifdef ENABLE_DEFAULT_SCOPE
int ip6_use_defzone = 1;
#else
int ip6_use_defzone = 0;
#endif
/*
* The scope6_lock protects the global sid default stored in
@ -66,7 +61,11 @@ static struct mtx scope6_lock;
#define SCOPE6_UNLOCK() mtx_unlock(&scope6_lock)
#define SCOPE6_LOCK_ASSERT() mtx_assert(&scope6_lock, MA_OWNED)
#ifdef VIMAGE_GLOBALS
static struct scope6_id sid_default;
int ip6_use_defzone;
#endif
#define SID(ifp) \
(((struct in6_ifextra *)(ifp)->if_afdata[AF_INET6])->scope6_id)
@ -75,6 +74,11 @@ scope6_init(void)
{
INIT_VNET_INET6(curvnet);
#ifdef ENABLE_DEFAULT_SCOPE
V_ip6_use_defzone = 1;
#else
V_ip6_use_defzone = 0;
#endif
SCOPE6_LOCK_INIT();
bzero(&V_sid_default, sizeof(V_sid_default));
}


@ -108,6 +108,7 @@ struct vnet_inet6 {
int _ip6_keepfaith;
int _ip6stealth;
time_t _ip6_log_time;
int _nd6_onlink_ns_rfc4861;
int _pmtu_expire;
int _pmtu_probe;
@ -232,6 +233,7 @@ struct vnet_inet6 {
#define V_nd6_maxnudhint VNET_INET6(nd6_maxnudhint)
#define V_nd6_maxqueuelen VNET_INET6(nd6_maxqueuelen)
#define V_nd6_mmaxtries VNET_INET6(nd6_mmaxtries)
#define V_nd6_onlink_ns_rfc4861 VNET_INET6(nd6_onlink_ns_rfc4861)
#define V_nd6_prune VNET_INET6(nd6_prune)
#define V_nd6_recalc_reachtm_interval VNET_INET6(nd6_recalc_reachtm_interval)
#define V_nd6_slowtimo_ch VNET_INET6(nd6_slowtimo_ch)


@ -97,23 +97,19 @@
#include <opencrypto/cryptodev.h>
#ifdef IPSEC_DEBUG
int ipsec_debug = 1;
#else
int ipsec_debug = 0;
#endif
#ifdef VIMAGE_GLOBALS
/* NB: name changed so netstat doesn't use it */
struct ipsecstat ipsec4stat;
int ip4_ah_offsetmask = 0; /* maybe IP_DF? */
int ip4_ipsec_dfbit = 0; /* DF bit on encap. 0: clear 1: set 2: copy */
int ip4_esp_trans_deflev = IPSEC_LEVEL_USE;
int ip4_esp_net_deflev = IPSEC_LEVEL_USE;
int ip4_ah_trans_deflev = IPSEC_LEVEL_USE;
int ip4_ah_net_deflev = IPSEC_LEVEL_USE;
struct secpolicy ip4_def_policy;
int ip4_ipsec_ecn = 0; /* ECN ignore(-1)/forbidden(0)/allowed(1) */
int ip4_esp_randpad = -1;
int ipsec_debug;
int ip4_ah_offsetmask;
int ip4_ipsec_dfbit;
int ip4_esp_trans_deflev;
int ip4_esp_net_deflev;
int ip4_ah_trans_deflev;
int ip4_ah_net_deflev;
int ip4_ipsec_ecn;
int ip4_esp_randpad;
/*
* Crypto support requirements:
*
@ -121,7 +117,8 @@ int ip4_esp_randpad = -1;
* -1 require software support
* 0 take anything
*/
int crypto_support = CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE;
int crypto_support;
#endif /* VIMAGE_GLOBALS */
SYSCTL_DECL(_net_inet_ipsec);
@ -164,29 +161,33 @@ SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_ipsec, OID_AUTO,
"IPsec IPv4 statistics.");
#ifdef REGRESSION
#ifdef VIMAGE_GLOBALS
int ipsec_replay;
int ipsec_integrity;
#endif
/*
* When set to 1, IPsec will send packets with the same sequence number.
* This allows to verify if the other side has proper replay attacks detection.
*/
int ipsec_replay = 0;
SYSCTL_V_INT(V_NET, vnet_ipsec,_net_inet_ipsec, OID_AUTO, test_replay,
CTLFLAG_RW, ipsec_replay, 0, "Emulate replay attack");
/*
* When set 1, IPsec will send packets with corrupted HMAC.
* This allows to verify if the other side properly detects modified packets.
*/
int ipsec_integrity = 0;
SYSCTL_V_INT(V_NET, vnet_ipsec,_net_inet_ipsec, OID_AUTO, test_integrity,
CTLFLAG_RW, ipsec_integrity, 0, "Emulate man-in-the-middle attack");
#endif
#ifdef INET6
#ifdef VIMAGE_GLOBALS
struct ipsecstat ipsec6stat;
int ip6_esp_trans_deflev = IPSEC_LEVEL_USE;
int ip6_esp_net_deflev = IPSEC_LEVEL_USE;
int ip6_ah_trans_deflev = IPSEC_LEVEL_USE;
int ip6_ah_net_deflev = IPSEC_LEVEL_USE;
int ip6_ipsec_ecn = 0; /* ECN ignore(-1)/forbidden(0)/allowed(1) */
int ip6_esp_trans_deflev;
int ip6_esp_net_deflev;
int ip6_ah_trans_deflev;
int ip6_ah_net_deflev;
int ip6_ipsec_ecn;
#endif
SYSCTL_DECL(_net_inet6_ipsec6);
@ -242,6 +243,40 @@ static size_t ipsec_hdrsiz __P((struct secpolicy *));
MALLOC_DEFINE(M_IPSEC_INPCB, "inpcbpolicy", "inpcb-resident ipsec policy");
void
ipsec_init(void)
{
INIT_VNET_IPSEC(curvnet);
#ifdef IPSEC_DEBUG
V_ipsec_debug = 1;
#else
V_ipsec_debug = 0;
#endif
V_ip4_ah_offsetmask = 0; /* maybe IP_DF? */
V_ip4_ipsec_dfbit = 0; /* DF bit on encap. 0: clear 1: set 2: copy */
V_ip4_esp_trans_deflev = IPSEC_LEVEL_USE;
V_ip4_esp_net_deflev = IPSEC_LEVEL_USE;
V_ip4_ah_trans_deflev = IPSEC_LEVEL_USE;
V_ip4_ah_net_deflev = IPSEC_LEVEL_USE;
V_ip4_ipsec_ecn = 0; /* ECN ignore(-1)/forbidden(0)/allowed(1) */
V_ip4_esp_randpad = -1;
V_crypto_support = CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE;
#ifdef REGRESSION
V_ipsec_replay = 0;
V_ipsec_integrity = 0;
#endif
V_ip6_esp_trans_deflev = IPSEC_LEVEL_USE;
V_ip6_esp_net_deflev = IPSEC_LEVEL_USE;
V_ip6_ah_trans_deflev = IPSEC_LEVEL_USE;
V_ip6_ah_net_deflev = IPSEC_LEVEL_USE;
V_ip6_ipsec_ecn = 0; /* ECN ignore(-1)/forbidden(0)/allowed(1) */
}
/*
* Return a held reference to the default SP.
*/
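Review bot: The five `V_ip6_*` assignments at the end of ipsec_init() are not guarded by `#ifdef INET6`, although the variables they refer to are declared only inside `#ifdef INET6` earlier in this section, so a kernel built without INET6 would presumably fail to compile here. tcp_init() in this same commit wraps its IPv6 default in `#ifdef INET6` … `#endif`, and this block should do the same. The caller of ipsec_init() is not visible on this page, so it is also worth confirming that it runs before the first policy lookup, since the `*_deflev` variables no longer start at `IPSEC_LEVEL_USE` on their own.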


@ -359,6 +359,7 @@ extern struct ipsecrequest *ipsec_newisr(void);
extern void ipsec_delisr(struct ipsecrequest *);
struct tdb_ident;
extern void ipsec_init(void);
extern struct secpolicy *ipsec_getpolicy __P((struct tdb_ident*, u_int));
struct inpcb;
extern struct secpolicy *ipsec4_checkpolicy __P((struct mbuf *, u_int, u_int,


@ -113,20 +113,31 @@
* field hits 0 (= no external reference other than from SA header.
*/
u_int32_t key_debug_level = 0;
static u_int key_spi_trycnt = 1000;
static u_int32_t key_spi_minval = 0x100;
static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
static u_int32_t policy_id = 0;
static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/
static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
static int key_preferred_oldsa = 1; /* preferred old sa rather than new sa.*/
#ifdef VIMAGE_GLOBALS
u_int32_t key_debug_level;
static u_int key_spi_trycnt;
static u_int32_t key_spi_minval;
static u_int32_t key_spi_maxval;
static u_int32_t policy_id;
static u_int key_int_random;
static u_int key_larval_lifetime;
static int key_blockacq_count;
static int key_blockacq_lifetime;
static int key_preferred_oldsa;
static u_int32_t acq_seq = 0;
static u_int32_t acq_seq;
static int ipsec_esp_keymin;
static int ipsec_esp_auth;
static int ipsec_ah_keymin;
static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD */
static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
#endif /* VIMAGE_GLOBALS */
static struct mtx sptree_lock;
#define SPTREE_LOCK_INIT() \
mtx_init(&sptree_lock, "sptree", \
@ -136,7 +147,6 @@ static struct mtx sptree_lock;
#define SPTREE_UNLOCK() mtx_unlock(&sptree_lock)
#define SPTREE_LOCK_ASSERT() mtx_assert(&sptree_lock, MA_OWNED)
static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
static struct mtx sahtree_lock;
#define SAHTREE_LOCK_INIT() \
mtx_init(&sahtree_lock, "sahtree", \
@ -147,7 +157,6 @@ static struct mtx sahtree_lock;
#define SAHTREE_LOCK_ASSERT() mtx_assert(&sahtree_lock, MA_OWNED)
/* registed list */
static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
static struct mtx regtree_lock;
#define REGTREE_LOCK_INIT() \
mtx_init(&regtree_lock, "regtree", "fast ipsec regtree", MTX_DEF)
@ -156,7 +165,6 @@ static struct mtx regtree_lock;
#define REGTREE_UNLOCK() mtx_unlock(&regtree_lock)
#define REGTREE_LOCK_ASSERT() mtx_assert(&regtree_lock, MA_OWNED)
static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
static struct mtx acq_lock;
#define ACQ_LOCK_INIT() \
mtx_init(&acq_lock, "acqtree", "fast ipsec acquire list", MTX_DEF)
@ -165,7 +173,6 @@ static struct mtx acq_lock;
#define ACQ_UNLOCK() mtx_unlock(&acq_lock)
#define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED)
static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
static struct mtx spacq_lock;
#define SPACQ_LOCK_INIT() \
mtx_init(&spacq_lock, "spacqtree", \
@ -236,10 +243,6 @@ static const int maxsize[] = {
sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
};
static int ipsec_esp_keymin = 256;
static int ipsec_esp_auth = 0;
static int ipsec_ah_keymin = 128;
#ifdef SYSCTL_DECL
SYSCTL_DECL(_net_key);
#endif
@ -7184,6 +7187,23 @@ key_init(void)
INIT_VNET_IPSEC(curvnet);
int i;
V_key_debug_level = 0;
V_key_spi_trycnt = 1000;
V_key_spi_minval = 0x100;
V_key_spi_maxval = 0x0fffffff; /* XXX */
V_policy_id = 0;
V_key_int_random = 60; /*interval to initialize randseed,1(m)*/
V_key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
V_key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
V_key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
V_key_preferred_oldsa = 1; /* preferred old sa rather than new sa*/
V_acq_seq = 0;
V_ipsec_esp_keymin = 256;
V_ipsec_esp_auth = 0;
V_ipsec_ah_keymin = 128;
SPTREE_LOCK_INIT();
REGTREE_LOCK_INIT();
SAHTREE_LOCK_INIT();
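Review bot: The key-length floors and SPI range that used to be static initialisers (`ipsec_esp_keymin = 256`, `ipsec_ah_keymin = 128`, `key_spi_minval = 0x100`) now read as zero until key_init() has run, so any code that consults them earlier would see a minimum of 0. The only caller visible on this page is key_init0() in the keysock section; if that is the sole entry point, a comment above the new block would pin the dependency, e.g. `/* Defaults must be assigned here, before the lock init below and before any PF_KEY request can read them. */`. key_init() starts before and continues past this hunk, so the rest of its ordering cannot be checked from here.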


@ -70,14 +70,16 @@ struct key_cb {
int key_count;
int any_count;
};
#ifdef VIMAGE_GLOBALS
static struct key_cb key_cb;
struct pfkeystat pfkeystat;
#endif
static struct sockaddr key_src = { 2, PF_KEY, };
static int key_sendup0 __P((struct rawcb *, struct mbuf *, int));
struct pfkeystat pfkeystat;
/*
* key_output()
*/
@ -570,7 +572,9 @@ static void
key_init0(void)
{
INIT_VNET_IPSEC(curvnet);
bzero((caddr_t)&V_key_cb, sizeof(V_key_cb));
ipsec_init();
key_init();
}
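Review bot: key_init0() zeroes `V_key_cb` explicitly but does nothing for `pfkeystat`, which this change moves into the same `#ifdef VIMAGE_GLOBALS` block. As a plain global it is zero-filled anyway, but if the counters later live in an allocated container they would start from whatever that memory holds unless the allocation is zeroed. Consider adding `bzero(&V_pfkeystat, sizeof(V_pfkeystat));` next to the existing bzero (assuming the accessor follows the `V_` naming used for `key_cb`), or a comment stating that the container is expected to arrive zero-filled.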


@ -88,9 +88,11 @@
#define AUTHSIZE(sav) \
((sav->flags & SADB_X_EXT_OLD) ? 16 : AH_HMAC_HASHLEN)
int ah_enable = 1; /* control flow of packets with AH */
int ah_cleartos = 1; /* clear ip_tos when doing AH calc */
#ifdef VIMAGE_GLOBALS
int ah_enable;
int ah_cleartos;
struct ahstat ahstat;
#endif
SYSCTL_DECL(_net_inet_ah);
SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ah, OID_AUTO,
@ -1217,6 +1219,10 @@ static struct xformsw ah_xformsw = {
static void
ah_attach(void)
{
V_ah_enable = 1; /* control flow of packets with AH */
V_ah_cleartos = 1; /* clear ip_tos when doing AH calc */
xform_register(&ah_xformsw);
}
SYSINIT(ah_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ah_attach, NULL);
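Review bot: ah_attach() assigns `V_ah_enable` and `V_ah_cleartos` without the `INIT_VNET_IPSEC(curvnet);` line that ipsec_init(), key_init() and key_init0() place ahead of their `V_` assignments in this same commit. With VIMAGE_GLOBALS defined this presumably makes no difference, but once the `V_` names resolve through a container the attach routines would need it; adding `INIT_VNET_IPSEC(curvnet);` as the first line keeps the initialisers uniform. The same applies to ipcomp_attach() and ipe4_attach() further down; esp_attach() starts outside its hunk, so it cannot be checked from here.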


@ -76,8 +76,11 @@
#include <opencrypto/cryptodev.h>
#include <opencrypto/xform.h>
int esp_enable = 1;
#ifdef VIMAGE_GLOBALS
struct espstat espstat;
static int esp_max_ivlen; /* max iv length over all algorithms */
int esp_enable;
#endif
SYSCTL_DECL(_net_inet_esp);
SYSCTL_V_INT(V_NET, vnet_ipsec,_net_inet_esp, OID_AUTO,
@ -85,8 +88,6 @@ SYSCTL_V_INT(V_NET, vnet_ipsec,_net_inet_esp, OID_AUTO,
SYSCTL_V_STRUCT(V_NET, vnet_ipsec, _net_inet_esp, IPSECCTL_STATS,
stats, CTLFLAG_RD, espstat, espstat, "");
static int esp_max_ivlen; /* max iv length over all algorithms */
static int esp_input_cb(struct cryptop *op);
static int esp_output_cb(struct cryptop *crp);
@ -993,7 +994,9 @@ esp_attach(void)
if (xform.blocksize > V_esp_max_ivlen) \
V_esp_max_ivlen = xform.blocksize \
V_esp_enable = 1;
V_esp_max_ivlen = 0;
MAXIV(enc_xform_des); /* SADB_EALG_DESCBC */
MAXIV(enc_xform_3des); /* SADB_EALG_3DESCBC */
MAXIV(enc_xform_rijndael128); /* SADB_X_EALG_AES */

View File

@ -67,8 +67,10 @@
#include <opencrypto/deflate.h>
#include <opencrypto/xform.h>
int ipcomp_enable = 0;
#ifdef VIMAGE_GLOBALS
int ipcomp_enable;
struct ipcompstat ipcompstat;
#endif
SYSCTL_DECL(_net_inet_ipcomp);
SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipcomp, OID_AUTO,
@ -597,6 +599,8 @@ static struct xformsw ipcomp_xformsw = {
static void
ipcomp_attach(void)
{
V_ipcomp_enable = 0;
xform_register(&ipcomp_xformsw);
}
SYSINIT(ipcomp_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ipcomp_attach, NULL);


@ -91,8 +91,10 @@
* We can control the acceptance of IP4 packets by altering the sysctl
* net.inet.ipip.allow value. Zero means drop them, all else is acceptance.
*/
int ipip_allow = 0;
#ifdef VIMAGE_GLOBALS
int ipip_allow;
struct ipipstat ipipstat;
#endif
SYSCTL_DECL(_net_inet_ipip);
SYSCTL_V_INT(V_NET, vnet_ipsec, _net_inet_ipip, OID_AUTO,
@ -694,6 +696,9 @@ ipe4_encapcheck(const struct mbuf *m, int off, int proto, void *arg)
static void
ipe4_attach(void)
{
V_ipip_allow = 0;
xform_register(&ipe4_xformsw);
/* attach to encapsulation framework */
/* XXX save return cookie for detach on module remove */
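Review bot: The new `V_ipip_allow = 0;` in ipe4_attach() carries no comment, while the explanation that zero means drop stays at the declaration above, which no longer shows the value. Because this default is what keeps IP-in-IP packets from being accepted until an administrator opts in, I would repeat it at the assignment: `V_ipip_allow = 0; /* default deny: drop IP-in-IP until net.inet.ipip.allow is set */`. The assignment does sit ahead of xform_register() and the encapsulation-attach step that the following comment announces. ipe4_attach() continues past the end of this hunk.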


@ -33,6 +33,8 @@
#ifndef _SYS_VIMAGE_H_
#define _SYS_VIMAGE_H_
#define VIMAGE_GLOBALS 1
/* Non-VIMAGE null-macros */
#define CURVNET_SET(arg)
#define CURVNET_SET_QUIET(arg)